package com.hfi.security.app.server;

import com.hfi.security.app.authentication.HfiAuthExceptionEntryPoint;
import com.hfi.security.core.authentication.ValidateCodeAuthenticationSecurityConfig;
import com.hfi.security.core.authentication.authorize.AuthorizeConfigManager;
import com.hfi.security.core.authentication.mobile.SmsCodeAuthenticationSecurityConfig;
import com.hfi.security.core.authentication.openid.OpenIdAuthenticationSecurityConfig;
import com.hfi.security.core.properties.SecurityConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configurers.ResourceServerSecurityConfigurer;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
import org.springframework.social.security.SpringSocialConfigurer;

/**
 * @author ChangLiang
 * @date 2019/8/31
 */
@Configuration
@EnableResourceServer
public class HfiResourceServerConfig extends ResourceServerConfigurerAdapter {

    @Autowired
    private AuthorizeConfigManager authorizeConfigManager;

    @Autowired
    private AccessDeniedHandler hfiAccessDeniedHandler;

    @Autowired
    protected AuthenticationSuccessHandler hfiAuthenticationSuccessHandler;

    @Autowired
    protected AuthenticationFailureHandler hfiAuthenticationFailureHandler;

    @Autowired
    private SpringSocialConfigurer hfiSocialSecurityConfig;

    @Autowired
    private SmsCodeAuthenticationSecurityConfig smsCodeAuthenticationSecurityConfig;

    @Autowired
    private OpenIdAuthenticationSecurityConfig openIdAuthenticationSecurityConfig;

    @Autowired
    private ValidateCodeAuthenticationSecurityConfig validateCodeAuthenticationSecurityConfig;

    @Override
    public void configure(HttpSecurity http) throws Exception {
        http.formLogin()
                .loginPage(SecurityConstants.DEFAULT_UNAUTHENTICATION_URL)
                .loginProcessingUrl(SecurityConstants.DEFAULT_LOGIN_PROCESSING_URL_FORM)
                .successHandler(hfiAuthenticationSuccessHandler)
                .failureHandler(hfiAuthenticationFailureHandler);

        http
                // 验证码Filter(包括图形验证码 和 短信验证码)
                .apply(validateCodeAuthenticationSecurityConfig)
                .and()
                // 拦截短信登录请求 处理/authentication/mobile请求
                .apply(smsCodeAuthenticationSecurityConfig)
                .and()
                // 拦截openId及providerId登录/authentication/openid请求
                .apply(openIdAuthenticationSecurityConfig)
                .and()
                // 加入SocialAuthenticationFilter
                .apply(hfiSocialSecurityConfig)
                .and().csrf().disable()
        ;
        authorizeConfigManager.config(http.authorizeRequests());
    }

    @Override
    public void configure(ResourceServerSecurityConfigurer resources) throws Exception {
        resources.authenticationEntryPoint(new HfiAuthExceptionEntryPoint())
                .accessDeniedHandler(hfiAccessDeniedHandler);
    }
}
